Journal of the Korea Society of Computer and Information (한국컴퓨터정보학회논문지)

Korean Society of Computer Information (한국컴퓨터정보학회)
권호 표지
DOI QR코드

DOI QR Code

McDoT: Multi-Channel Domain Tracking Technology for Illegal Domains Collection

  • Received : 2020.11.02
  • Accepted : 2020.11.18
  • Published : 2020.12.31
Download PDF
⟨ Previous Next ⟩

Abstract

Recently, Harmful sites, including pornographic videos, drugs, personal information and hacking tool distribution sites, have caused serious social problems. However, due to the nature of the Internet environment where anyone can use it freely, it is difficult to control the user effectively. And the site operator operates by changing the domain to bypass the blockage. Therefore, even once identified sites have low persistence. In this paper, we propose multi-channel domain tracking technology, a technique that can effectively track changes in the domain addresses of harmful sites, including the same or similar content, by tracking changes in these harmful sites. Proposed technology is a technology that can continuously track information in a domain using OSINT technology. We tested and verified that the proposed technology was effective for domain tracking with a 90.4% trace rate (sensing 66 changes out of 73 domains).

음란 동영상, 마약, 개인정보, 해킹 도구 유포사이트 등을 포함하는 유해 사이트는 최근 사회적으로 심각한 문제를 초래하고 있다. 하지만 누구나 자유롭게 사용할 수 있는 인터넷환경의 특성상 접속자를 효과적으로 통제하기 어렵고, 사이트 운영자는 차단을 우회하기 위해 도메인을 변경하면서 운영한다. 따라서, 한번 확인된 사이트라 하더라도 그 지속성은 낮다. 본 논문에서는 이와 같은 유해 사이트의 변화를 추적하여 동일 또는 유사한 콘텐츠를 포함한 유해 사이트의 도메인 주소가 변경되는 것을 효과적으로 추적할 수 있는 기술인 다채널 도메인 추적기술을 제안한다. 제안하는 기술은 OSINT 기술을 이용하여 도메인의 정보를 지속적으로 추적할 수 있는 기술이다. 우리는 실험을 통해 90.4%의 추적률(실험대상 73개의 도메인 중 66개의 변경을 감지)로 제안한 기술이 도메인추적에 효과가 있음을 검증하였다.

Keywords

References

  1. Internetlivestats https://www.internetlivestats.com/
  2. Unlawful sites, enhanced blockage with blackouts, http://news.knue.ac.kr/news/articleView.html?idxno=2197
  3. 2019 Internet censorship controversy, https://zdnet.co.kr/view/?no=20190214091551
  4. Server Name Indication, https://namu.wiki/w/SNI
  5. Kim Jong Woo, Lee Sun Jeong, "Developing a Connection Restrictions Filtering System for Websites based on Swear Words Extraction", Journal of KIISE, Vol. 46, No. 12, pp. 1272-1278, 2019, 10.5626/JOK.2019.46.12.1272
  6. SukYoon Kang, JooYoung Cho, GaHyun Joo, YountGu Lee, "Harmful Website Detection System Using Real-time Web Crawling", Korea Computer Congress 2018, pp. 1904-1906, Jul. 2018.
  7. BoungJin Kim, SangJun Lee, "Improvement of Methods for Discriminating Harmful Web Sites by using Link Relations between Web Sites and Constructing Whitelist", KIISE Transactions on Computing Practices, Vol. 25, No. 10, pp. 506-510, 2019, 10.5626/KTCP.2019.25.10.506
  8. KwangSu Shin, JinHa Song, HongHo Nang, "An Adult Web Site Classification Method using Analysis of Multiple Images in Web Page", Korea Computer Congress 2017, pp. 868-870, Dec, 2017.
  9. LIU, Zhenyan, et al. An imbalanced malicious domains detection method based on passive dns traffic analysis. Security and Communication Networks, 2018, 2018.
  10. TIAN, Xiang, et al. VegaStar: An Illegal Domain Detection System on Large-Scale Video Traffic. In: 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). IEEE, 2018. p. 783-789.
  11. SOSKA, Kyle; CHRISTIN, Nicolas. Automatically detecting vulnerable websites before they turn malicious. In: 23rd {USENIX} Security Symposium ({USENIX} Security 14). 2014. p. 625-640.
  12. Google Cloud Platform, https://console.cloud.google.com/getting-started?hl=ko&pli=1
  13. KOMORAN, https://github.com/shineware/KOMORAN
  14. Korean Analysis Plugin, https://www.elastic.co/guide/en/elasticsearch/plugins/current/analysis-nori.html
  15. ELK, https://www.elastic.co/kr/
  16. GO, https://golang.org/
  17. TF-IDF, https://ko.wikipedia.org/wiki/Tf-idf